The Canadian Information Processing Society is offering free copies of Microsoft Windows Server as an incentive for IT professionals to take an online self-evaluation of their security practices.
CIPS is promoting the Microsoft Security Assessment Tool (MSAT) to its members and asking them to complete a short survey when they’re done, which will be used to provide the vendor feedback on how to improve it.
The first 25 people who complete the survey will receive a copy of Windows Server 2003 R2 with 25 client licences. An additional 50 copies of Windows Server 2003 R2 with 25 client licences will be awarded to entrants drawn from all responses received by Sept. 30, though a source said this deadline may be extended. The draw will be made on October 15, 2007. CIPS is also promoting the tool through another industry association, the Canadian Advanced Technology Alliance (CATA).
MSAT, now in version 3, is a free tool that promises to identify specific areas of an organization where security is at a mature and strong level, and pinpoint any areas that could be bolstered to lower risk.
Microsoft says it can also be used to “justify requests for an increased IT budget and help you allocate your budget appropriately,” according to the vendor’s Web site.
The results will be available as soon as it’s finished and cover 60 categories which are rated high, medium or low priorities. Microsoft says it uses only non-identifiable information but will offer recommendations specifically targeted to an organization’s needs.
Faye West, a former CIPS president who is leading the MSAT project for the association, said the tool is primarily aimed at mid-market organizations of fewer than 1,000 employees.
“It’s the ones who are big enough to have problems, but not big enough to have the resources to solve the problem. I’d say they need all the help they can get,” she said.
Repeated use of MSAT could help organizations measure their progress in improving security, West added. Brian Bourne, president of Toronto-based security specialist CMS Consulting, said MSAT has been widely used by a variety of companies.
“It’s a good place to start, especially for mid-market, which makes up a lot of the Canadian market anyway,” he said, adding that CMS was among the firms who helped contribute to the latest version of MSAT.
“(Microsoft) went out to their Gold partners to see what we felt would be the most relevant information and if the tool was giving the results customers expect,” he said.
CIPS is also working with the former Software Human Resources Council, now called the Information and Communications Technology Council (ICTC), to promote MSAT. West said a notice would likely appear in the ICTC’s newsletter next week.